Total: 1927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | |||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2018-10-05 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | |||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | |||||
| CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | |||||
| CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | |||||
| CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | |||||
| CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | |||||
| CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | |||||
| CVE-2018-14978 | 1 Q-cms | 1 Qcms | 2018-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | |||||
| CVE-2018-14910 | 1 Seacms | 1 Seacms | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. | |||||
| CVE-2018-14926 | 1 Matera | 1 Banco | 2018-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | |||||
| CVE-2018-14908 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | |||||
| CVE-2018-14603 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. | |||||
| CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | |||||
| CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2018-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. | |||||
| CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2018-09-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my. | |||||
| CVE-2018-14421 | 1 Seacms | 1 Seacms | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | |||||
| CVE-2018-14420 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 6.8 MEDIUM | 8.8 HIGH |
| MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI. | |||||
| CVE-2018-14069 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add. | |||||
| CVE-2018-14068 | 1 Srcms Project | 1 Srcms | 2018-09-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add. | |||||
| CVE-2018-13793 | 1 Abbyy | 1 Flexicapture | 2018-09-07 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. | |||||
| CVE-2018-14029 | 1 Creatiwity | 1 Witycms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field. | |||||
| CVE-2018-13989 | 1 Arcelikas | 2 Grundig Smart Inter@ctive, Grundig Smart Inter@ctive Firmware | 2018-09-06 | 8.3 HIGH | 8.8 HIGH |
| Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. | |||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2018-09-06 | 6.8 MEDIUM | 8.8 HIGH |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | |||||
| CVE-2018-11349 | 1 Jirafeau | 1 Jirafeau | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: search_by_name, search_by_hash, and search_link. | |||||
| CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2018-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
| CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
| CVE-2018-13067 | 1 Opencart | 1 Opencart | 2018-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | |||||
| CVE-2018-11636 | 1 Dialogic | 1 Powermedia Xms | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to execute malicious and unauthorized actions. | |||||
| CVE-2018-13032 | 1 Ecessa | 2 Shieldlink Sl175ehq, Shieldlink Sl175ehq Firmware | 2018-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | |||||
| CVE-2018-1000506 | 1 Mediaron | 1 Metronet Tag Manager | 2018-08-30 | 6.8 MEDIUM | 8.8 HIGH |
| Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can allow anybody to do almost anything an admin can. This attack appears to be exploitable when a logged-in user follows a link. This vulnerability appears to have been fixed in 1.2.9. | |||||
| CVE-2018-13445 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | |||||
| CVE-2018-13444 | 1 Seacms | 1 Seacms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | |||||
| CVE-2018-13340 | 1 Gleeztech | 1 Gleez Cms | 2018-08-28 | 6.8 MEDIUM | 8.8 HIGH |
| Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. | |||||
| CVE-2018-12602 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily. | |||||
| CVE-2018-12603 | 1 Lfdycms | 1 Lfcms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114. | |||||
| CVE-2018-12739 | 1 Beescms | 1 Beescms | 2018-08-27 | 6.8 MEDIUM | 8.8 HIGH |
| In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | |||||
| CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2018-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | |||||
| CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | |||||
| CVE-2018-12659 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | |||||
| CVE-2017-5394 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
| CVE-2018-12114 | 1 Maccms | 1 Maccms | 2018-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | |||||
| CVE-2015-5996 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2018-07-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2018-12354 | 1 Knowage-suite | 1 Knowage | 2018-07-27 | 6.8 MEDIUM | 8.8 HIGH |
| Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | |||||
| CVE-2017-7635 | 1 Qnap | 1 Nas Proxy Server | 2018-07-12 | 6.8 MEDIUM | 8.8 HIGH |
| QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections. | |||||
| CVE-2018-11679 | 1 Cmseasy | 1 Cmseasy | 2018-07-09 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. | |||||
| CVE-2018-11538 | 1 Searchblox | 1 Searchblox | 2018-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | |||||
| CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2018-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | |||||
